Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e513eca2 by Moritz Mühlenhoff at 2025-02-13T16:36:27+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,13 +13,13 @@ CVE-2025-0995
- chromium 133.0.6943.98-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-25286 (Crayfish is a collection of Islandora 8 microservices, one of
which, H ...)
- TODO: check
+ NOT-FOR-US: Crayfish
CVE-2025-20097 (Uncaught exception in OpenBMC Firmware for the Intel(R) Server
M50FCP ...)
NOT-FOR-US: Intel
CVE-2025-1229 (A vulnerability classified as critical was found in olajowon
Loggrove ...)
- TODO: check
+ NOT-FOR-US: olajowon Loggrove
CVE-2025-1228 (A vulnerability classified as problematic has been found in
olajowon L ...)
- TODO: check
+ NOT-FOR-US: olajowon Loggrove
CVE-2025-1227 (A vulnerability was found in ywoa up to 2024.07.03. It has been
rated ...)
NOT-FOR-US: ywoa
CVE-2025-1226 (A vulnerability was found in ywoa up to 2024.07.03. It has been
declar ...)
@@ -189,31 +189,31 @@ CVE-2024-21859 (Improper buffer restrictions in the UEFI
firmware for some Intel
CVE-2024-21830 (Uncontrolled search path in some Intel(R) VPL software before
version ...)
TODO: check
CVE-2024-13770 (The Puzzles | WP Magazine / Review with Store WordPress Theme
+ RTL th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13644 (The DethemeKit For Elementor plugin for WordPress is
vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13346 (The Avada | Website Builder For WordPress & WooCommerce theme
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13345 (The Avada Builder plugin for WordPress is vulnerable to
arbitrary shor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13229 (The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13227 (The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13125 (The Everest Forms WordPress plugin before 3.0.8.1 does not
sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13121 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13120 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13119 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12673 (An improper privilege vulnerability was reported in a BIOS
customizati ...)
TODO: check
CVE-2024-12586 (The Chalet-Montagne.com Tools WordPress plugin through 2.7.8
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10763 (The Campress theme for WordPress is vulnerable to Local File
Inclusion ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10083 (CWE-20: Improper Input Validation vulnerability exists that
could caus ...)
TODO: check
CVE-2023-49618 (Improper buffer restrictions in some Intel(R) System Security
Report a ...)
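Review bot: The tag "NOT-FOR-US: WordPress plugin" does not match three of the entries it is applied to in this hunk: CVE-2024-13770 (Puzzles), CVE-2024-13346 (Avada) and CVE-2024-10763 (Campress) are described as WordPress themes. Suggest `NOT-FOR-US: WordPress theme` for those three so the tag agrees with the CVE description; the triage outcome stays the same.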
@@ -229,9 +229,9 @@ CVE-2023-48267 (Improper buffer restrictions in some
Intel(R) System Security Re
CVE-2023-32277 (Untrusted Pointer Dereference in I/O subsystem for some
Intel(R) QAT s ...)
TODO: check
CVE-2023-31276 (Heap-based buffer overflow in BMC Firmware for the Intel(R)
Server Boa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29164 (Improper access control in BMC Firmware for the Intel(R)
Server Board ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-1247
NOT-FOR-US: Quarkus
CVE-2025-26378 (A CWE-862 "Missing Authorization" in
maxprofile/users/routes.lua in Q- ...)
@@ -406,7 +406,7 @@ CVE-2025-1188 (A vulnerability, which was classified as
critical, has been found
CVE-2025-1187 (A vulnerability classified as critical was found in
code-projects Poli ...)
NOT-FOR-US: code-projects Police FIR Record Management System
CVE-2025-1146 (CrowdStrike uses industry-standard TLS (transport layer
security) to s ...)
- TODO: check
+ NOT-FOR-US: CrowdStrike
CVE-2025-1102 (A CWE-346 "Origin Validation Error" in the CORS configuration
in Q-Fre ...)
NOT-FOR-US: Q-Free MaxTime
CVE-2025-1101 (A CWE-204 "Observable Response Discrepancy" in the login page
in Q-Fre ...)
@@ -416,7 +416,7 @@ CVE-2025-1100 (A CWE-259 "Use of Hard-coded Password" for
the root account in Q-
CVE-2025-1042 (An insecure direct object reference vulnerability in GitLab EE
affecti ...)
- gitlab <not-affected> (Specific to EE)
CVE-2025-0937 (Nomad Community and Nomad Enterprise ("Nomad") event stream
configured ...)
- TODO: check
+ - nomad <removed>
CVE-2025-0925
REJECTED
CVE-2025-0919
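Review bot: The CVE-2025-0937 line changes to `- nomad <removed>`, which is a package status entry rather than a NOT-FOR-US tag, so the commit message "NFUs" does not describe it. Suggest mentioning the nomad triage in the commit message or putting it in its own commit, so the history of that decision can be found later.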
@@ -1884,7 +1884,7 @@ CVE-2024-48091 (Tally Prime Edit Log v2.1 was discovered
to contain a DLL hijack
CVE-2024-35106 (NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a
buffer ove ...)
NOT-FOR-US: NEXTU FLETA AX1500 WIFI6
CVE-2024-10383 (An issue has been discovered in the gitlab-web-ide-vscode-fork
compone ...)
- TODO: check
+ NOT-FOR-US: gitlab-web-ide-vscode-fork
CVE-2025-24032 (PAM-PKCS#11 is a Linux-PAM login module that allows a X.509
certificat ...)
{DSA-5864-1}
- pam-pkcs11 0.6.13-1
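Review bot: CVE-2024-10383 is tagged `NOT-FOR-US: gitlab-web-ide-vscode-fork`, yet gitlab is a tracked package in this same file (CVE-2025-1042 carries `- gitlab <not-affected> (Specific to EE)`). Worth confirming that the component is not shipped in the gitlab source package; if it is, a `- gitlab` entry with a stated reason would keep this CVE visible under the package instead of hiding it behind NOT-FOR-US.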
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e513eca2cd0e76fa3868984eb6c805988f97f924
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits